10 U.S. Code § 428 - Defense industrial security

(a) Responsibility for Defense Industrial Security.— The Secretary of Defense shall be responsible for the protection of classified information disclosed to contractors of the Department of Defense.

(b) Consistency With Executive Orders and Directives.— The Secretary shall carry out the responsibility assigned under subsection (a) in a manner consistent with Executive Order 12829 (or any successor order to such executive order) and consistent with policies relating to the National Industrial Security Program (or any successor to such program).

(c) Performance of Industrial Security Functions for Other Agencies.— The Secretary may perform industrial security functions for other agencies of the Federal government upon request or upon designation of the Department of Defense as executive agent for the National Industrial Security Program (or any successor to such program).

(d) Regulations and Policy Guidance.— The Secretary shall prescribe, and from time to time revise, such regulations and policy guidance as are necessary to ensure the protection of classified information disclosed to contractors of the Department of Defense.

(e) Dedication of Resources.— The Secretary shall ensure that sufficient resources are provided to staff, train, and support such personnel as are necessary to fully protect classified information disclosed to contractors of the Department of Defense.

(f) Biennial Report.— The Secretary shall report biennially to the congressional defense committees on expenditures and activities of the Department of Defense in carrying out the requirements of this section. The Secretary shall submit the report at or about the same time that the President’s budget is submitted pursuant to section
1105(a) of title
31 in odd numbered years. The report shall be in an unclassified form (with a classified annex if necessary) and shall cover the activities of the Department of Defense in the preceding two fiscal years, including the following:

(1)The workforce responsible for carrying out the requirements of this section, including the number and experience of such workforce; training in the performance of industrial security functions; performance metrics; and resulting assessment of overall quality.

(2)A description of funds authorized, appropriated, or reprogrammed to carry out the requirements of this section, the budget execution of such funds, and the adequacy of budgets provided for performing such purpose.

(3)Statistics on the number of contractors handling classified information of the Department of Defense, and the percentage of such contractors who are subject to foreign ownership, control, or influence.

(4)Statistics on the number of violations identified, enforcement actions taken, and the percentage of such violations occurring at facilities of contractors subject to foreign ownership, control, or influence.

(5)An assessment of whether major contractors implementing the program have adequate enforcement programs and have trained their employees adequately in the requirements of the program.

(6)Trend data on attempts to compromise classified information disclosed to contractors of the Department of Defense to the extent that such data are available.

“(a) Requirement.—The Secretary of Defense shall develop a plan to ensure that covered entities employ and maintain policies and procedures that meet requirements under the national industrial security program. In developing the plan, the Secretary shall consider whether or not covered entities, or any category of covered entities, should be required to establish government security committees similar to those required for companies that are subject to foreign ownership control or influence mitigation measures.

“(b) Covered Entity.—A covered entity under this section is an entity—

“(1) to which the Department of Defense has granted a facility clearance; and

“(2) that is not subject to foreign ownership control or influence mitigation measures.

“(c) Guidance.—The Secretary of Defense shall issue guidance, including appropriate compliance mechanisms, to implement the requirement in subsection (a). To the extent determined appropriate by the Secretary, the guidance shall require covered entities, or any category of covered entities, to establish government security committees similar to those required for companies that are subject to foreign ownership control or influence mitigation measures.

“(d) Report.—Not later than 270 days after the date of the enactment of this Act [Jan. 7, 2011], the Secretary shall submit to the Committees on Armed Services of the Senate and the House of Representatives a report on the plan developed pursuant to subsection (a) and the guidance issued pursuant to subsection (c). The report shall specifically address the rationale for the Secretary’s decision on whether or not to require covered entities, or any category of covered entities, to establish government security committees similar to those required for companies that are subject to foreign ownership control or influence mitigation measures.”

Submission of First Biennial Report

Pub. L. 110–417, [div. A], title VIII, § 845(b),Oct. 14, 2008, 122 Stat. 4542, provided that: “Notwithstanding the deadline in subsection (f) ofsection
438 [now 428] of title 10, United States Code, as added by this section, the first biennial report submitted after the date of the enactment of this Act [Oct. 14, 2008] pursuant to such subsection shall be submitted not later than September 1, 2009, and shall address the period from the date of the enactment of this Act to the issuance of such report.”

LII has no control over and does not endorse any external Internet site that contains links to or references LII.